Financial institutions are entering the digital asset space with an all-time high level of enthusiasm and commitment. America’s oldest bank and the world’s largest custodian, Bank of New York, is the newest FI to announce their adoption of cryptocurrency; other major companies like Mastercard and Tesla have also signaled their support for crypto as Bitcoin surges to $50,000 and beyond.
Meanwhile, publicly-traded organizations like Square have invested significant funds into Bitcoin, demonstrating how crypto can function as a strong alternative to fiat currency for public companies. At the same time, companies like Paypal continue to signal their investment in the space through launching crypto products and acquiring custody technology startups in the industry. According to recent research by ARK-Invest, if all S&P 500 entities were to allocate approximately 1% of their cash to bitcoin, its price would rise by another ~$40,000.
As the global transformation to digital assets and crypto goes into full swing, a number of questions are standing out to decision-makers at banks and other f inancial institutions. For one, you may be wondering, “as we expand to the digital asset space, what’s the best way to custody these new assets?” In traditional financial markets, banks utilize a sub-custodian to hold their assets.
As some financial institutions assume that they aren’t equipped to custody their own digital assets in terms of technology, operations, and risk, electing to work with a sub-custodian may appear to be an obvious solution for this space.
For one, you may be wondering, “as we expand to the digital asset space, what’s the best way to custody these new assets?”
In traditional financial markets, banks utilize a sub-custodian to hold their assets. As some financial institutions assume that they aren’t equipped to custody their own digital assets in terms of technology, operations, and risk, electing to work with a sub-custodian may appear to be an obvious solution for this space.
At Fireblocks our experience has shown that FIs often achieve better results by deploying a “direct custody” system for digital assets. Direct custody enables FIs to provide a more pristine user experience, retain tighter control over risk and compliance operations, and leverage their own balance sheets.
From a compliance standpoint, the newest announcements from leading U.S. bank and securities regulators, like the Office of the Comptroller of the Currency (OCC) and the Securities and Exchange Commission (SEC) are giving organizations the go-ahead to provide their own digital asset custody solutions confidently, securely, and within the bounds of the law. In the Asia-Pacific region, regulatory clarity also continues to increase, with new announcements around the regulation of exchanges in Hong Kong and the relationship between payments services and crypto assets in Singapore, a leading hub for digital asset services in the region.
Similarly, in the EU, major member countries have now implemented the 5th AML directive, providing clarity to certain digital asset service providers for years to come until the more comprehensive Markets in Crypto-Assets (MiCA) Regulation is passed and goes into direct effect. With a global consensus emerging around the regulation of digital assets and digital asset services, there has never been a better time from a regulatory clarity perspective to begin building a direct custody solution.
In this white paper, we’ll walk you through everything you need to know about sub-custody and direct custody in the digital asset space to help you make a decision about what is best for your organization. But first, it’s important to understand exactly what sub-custodians do, and how this carries over into our industry.
Traditional sub-custody in a digital asset context
From a traditional finance perspective, sub-custody refers to “an institution that provides custody services, with respect to securities traded in a particular market or jurisdiction, on behalf of another custodian who may not have an operation/ office in that jurisdiction [or asset class]” (definition via ASB Bank). Working with a sub-custodian basically means outsourcing the security of an asset – as well as the operational component of recordkeeping and safeguarding in relation to that asset.
In the context of digital assets, sub-custody refers to securing the “private keys” that are necessary to hold, store and transfer an organization’s assets. Digitalnative sub-custodians generally hold private keys using technologies like “cold storage” (e.g., a platform for storing private keys that is not connected to the internet, protecting the wallet from cyber attacks and other vulnerabilities that come from being connected to the web).
When an organization whose assets are being custodied makes a request to move an asset, the sub-custodian then moves those assets out of cold storage to make a payment or trade, etc.
Unlike traditional sub-custody, the safekeeping of private keys introduces new complexities to the outsourcing model – granting the digital-native sub-custodian a critical role in how an organization operates and the types of services it can deliver.
The operational challenges of subcustody today
While digital asset sub-custody may sound appealing – as it means your company does not have to worry about private key security or other advanced blockchain concepts – FIs are discovering that certain issues with sub-custody outweigh its apparent convenience.
Digital asset sub-custody is not able to support how the digital asset market operates on a variety of levels. For one, sub-custody comes with a level of operational inflexibility. Digital assets are an entirely new market that is fundamentally different from any other traded asset class that currently exists, for several reasons:
- The market operates 24 hours a day, 7 days a week, across the world.
- Liquidity of assets is distributed globally across a range of market venues (e.g. exchanges, market makers, and OTCs).
- New financial and technological models around digital assets are emerging all the time.
Digital asset sub-custody as we know it today is an adaptation of the sub-custody model from traditional finance. This model simply isn’t operationally flexible enough to enable organizations to execute business strategies at the high speed our market demands.
In addition to operational inflexibility, lack of balance sheet is another significant issue for digital asset sub-custodians. Many of today’s digital asset subcustodians – primarily sub-custodians that have gone into business purely for the crypto space – don’t have anywhere near the balance depth necessary to protect their clients’ assets in a significant way.
While there are a few sub-custodians offering digital asset services with large balance sheets, they exist in a different category than most digital asset subcustodians (and therefore are a more viable option for outsourcing custody, if that’s the route that’s best for your org).
This is where the benefits of direct custody become important.
Custodying digital assets within your organization enables you to offer better operational flexibility, leverage your own balance sheet, and reap the benefits of having a self-directed program – such as controlling your own compliance operations and utilizing internal resources.
The benefits of direct custody
Investing in a custody technology platform that enables you to be a direct custodian offers a number of concrete benefits for FIs. From flexible custody models to top-tier customer experience, building direct custody is superior from a cost-benefit analysis standpoint; the convenience of sub-custody today will cost more in the long term.
These are some of the top reasons why a direct custody model is better suited for digital assets:
Maintain full asset control and offer a top-tier user experience
Becoming a direct custodian enables your organization to maintain full control over your assets, avoiding the operational limitations introduced by a subcustodian model. In turn, that means you can provide a top-tier experience for your users if you go the direct custody route.
So, what operational requirements do financial institutions need to meet to provide a top-tier user experience in the digital asset space?
- Ability to withdraw, deposit, and move digital assets 24 hours a day, 7 days a week, no matter where you’re located. This is especially pivotal in our current era of remote work
- Instant access to liquidity
- Power to benefit from new models as they emerge (e.g., DeFi and Staking)
With sub-custody, it may be impossible to withdraw or move your digital assets at all during weekends or your sub-custodian’s off-hours.
On the other hand, if you become a direct custodian, you can choose to utilize a mixture of cold, hot, or warm storage technologies. This enables unhindered access to assets and makes it possible to fulfill user requests to move assets with the speed and ease they’ve come to expect from crypto.
Control your own risk and compliance operations
With direct custody, you can choose which customers you want to onboard based on the risk profiles your organization has established for them. This is in contrast to utilizing a sub-custodian, in which you’ll only be able to onboard clients that fit their risk profile – possibly limiting the type of clients that you can engage with.
Risk profiles also change based on jurisdiction; for example, the list of countries that are acceptable by a US custodian looks quite different from a Singaporean or EU jurisdiction. With direct custody, you can create your own customer risk profile and avoid complicated interactions that can come from having a different set of standards than your sub-custodian might.
With the ever-evolving nature of digital assets, no one can predict how digital assets will be regulated in the future. A shift in operational or compliance standards for a sub-custodian can introduce unexpected consequences for your organization.
In addition, providing your own custody means you get to choose how you want to interact with risk and compliance management services. With sub-custodians, you have no direct interaction with the underlying wallet structure, so your ability to drive automation (e.g. with a service like Chainalysis or Elliptic) is limited.
Use your internal scale for operations
Many financial institutions have a far larger operational capacity than any digitalf irst sub-custodian currently serving the space.
Direct custody enables you to build an interoperable solution, using your internal scale – no need to rely on an external organization’s headcount.
Escape the closed-loop
One of the key benefits of direct custody is that it enables your organization to escape the “closed loop” system that some FIs have found themselves after choosing to enlist a digital asset sub-custodian.
In a closed-loop system, the sub-custodian holds assets in cold storage and doesn’t actually move funds in or out of custody. If you want to buy, you buy through the sub-custodian venue, and if you want to sell, you sell through the subcustodian venue.
By implementing a direct custody model, you can choose to support external deposits and withdrawals. On the other hand, with sub-custody, your options are limited and you will need to rely on the sub-custodian’s native system for deposits and withdrawals. The issue here is that a lack of external deposits and withdrawals undermines your services and reduces the trust and transparency that customers require in this space. Direct custody allows you to add connectivity to various liquidity, lending, and trading venues, which in turn guarantees optimal execution and transparency.
Your custody solution should enable you to support new integrations and partners as opportunities arise. In general, building a direct custody solution enables organizations to be flexible in terms of who they choose to work with and what types of services they aim to deliver.
Direct custody is future-proof
One reason why financial institutions are choosing to build a direct custody route is because it’s future-proof.
With the direct custody model, you can follow your own product roadmap, instead of being dependent on your sub-custodian’s roadmap. If you build your own direct custody in the right way, you’ll be making sure you have the tech to support your most ambitious product goals.
Institutions working with the direct custody model can choose what kind of tech stack they want to utilize, while those who work with sub-custodians are beholden to that sub-custodian’s choices around technology.
Many sub-custodians utilize last-generation private key security technologies (such as multi-sig and hardware security modules) to custody digital assets; while these technologies have their benefits, they’re not future-proof. For example, multi-sig isn’t compatible with all blockchains, and HSMs are incompatible with today’s remote work environments.
Direct custody allows you to use future-proof technologies, including:
- MPC (multi-party computation) – secures private keys by removing the single point of compromise while being compatible with any blockchain
- Intel SGX – high degree of scalability across public clouds and on-prem deployments, increasing security, availability, and redundancy
- Bespoke policy engine for internal operations and regulations
Leverage your own balance sheet
Direct custody enables you to leverage your own balance sheet to protect your users’ assets.
Most sub-custodians in the digital asset space have an underwhelming balance sheet that’s unable to provide actual security for users. In fact, many financial institutions looking to get into the space have much larger balance sheets than any sub-custodian they may choose to work with. Your users feel safe and comfortable storing their traditional assets with you; if you have the balance sheet to do so, why not build direct custody and carry that trust over into the digital asset class?
If you’re going to outsource risk and operations through sub-custody, it’s best to do so with a sub-custodian that has the balance sheet to protect your users’ assets.
If your organization does not have the balance sheet to support your users, the other best option is to go with a sub-custodian that does. While the largest digitalnative sub-custodians have somewhat underwhelming balance sheets (such as Coinbase, who have a balance sheet of $100 billion), traditional banks that are building direct custody solutions in-house can offer a lot more (like BNY, who have a balance sheet of $37 trillion).
Direct custody vs. sub-custody
| IN-HOUSE DIRECT CUSTODY | SUBCUSTODIAN | |
|---|---|---|
| Timing restrictions | None Move at the speed of the market. | Restricted Beholden to time zones and working hours. |
| Access to liquidity | Instant | Can be slow |
| Adaptability | High Adapt to new models and paradigms as they emerge. | Low |
| Risk and Compliance Operations | Remain in-house and interoperable. | Outsourcing risk and compliance process can introduce new variables, e.g. standards around counterparties vary region to region. |
| Integrations with KYC/AML Providers | Highly automatable and controllable. | Fully depends on the subcustodian’s infrastructure. |
| Headcount and Operations | Utilize internal resources. | Outsource to smaller organization. |
| Closed-Loop | Flexible Choose your own setup. | Yes Currently impossible to create a subcustody solution that is not closed-loop. |
| Future-Proof | Yes Flexible Choose your own setup. | No Follow your sub-custodian’s product. |
| Ability to Utilize Your Own Balance Sheet | Yes | No |
What kind of custody solution is right for my organization?
In the 24/7, 365-day digital asset market, flexibility across the board is of the utmost importance – and direct custody is the option that offers the most flexibility.
For the majority of FI’s and Fintechs competing in this market, maintaining flexibility around operations, risk-setting, product roadmap, go-to-market strategy and user experience will make the biggest impact on their market share in five years.
The organizations that are best equipped to build their own direct custody solution are those that already have the balance sheet to protect their users’ assets; in many cases, their balance sheet may be larger than any digital-native subcustodian’s.
For organizations that do not have the balance sheet to protect their users’ assets at scale, our recommendation for sub-custody is to find an organization that has:
- Built their own direct custody solution, in-house
- Taken advantage of future-proof technology in building their solution
- Has the balance sheet to support any business request (Traditional bank-level balance sheet)
So, while there are strong options available for organizations who need to get custody from an external provider, it’s important to choose a provider that meets the above criteria.
Building direct custody
With the right technology partner, building a direct custody solution for your organization can be accomplished in a matter of months.
At Fireblocks, we’ve helped some of the biggest crypto-native institutions, banks, and fintechs create a digital asset infrastructure from the ground up to meet their business objectives.Fireblocks enables your organization to develop a custody platform and then commercialize it through:
- Instant access to liquidity, lending, and trading
- Any combination of hot, warm, and cold wallets
- Simple settlement and whitelisting (asset transfer network)
- Highly customizable policies and workflows
- Powerful tokenization engine
- Soc 2 Type II certified security & regular pen testing
- AML/KYC integrations with top providers (Chainalysis and Elliptic)
- Insurance policy on assets both in storage and in transfer
